Leaked Voter Databases Could be Weaponized for Election Meddling

Our Election Security Is Lacking

New York State’s 2018 voter database was leaked and posted for free on a well-known forum about a week ago. The database included full name, physical address, previous addresses, date of birth, gender, voter ID, voter status, and voter history.

New York State’s 2018 voter database leaked online

Voter databases alone are not a huge threat. If a state or city’s database is leaked, the first question is usually “was it FOIA-able information?” (FOIA means Freedom of Information Act). Most of the information in a voter database is close to public already. It depends on the state, but if you were an institution and had a good reason for looking at that information, you could request it.

How Voter Databases Could Be Weaponized

What no one seems to realize is that voter databases combined with other information being sold or distributed on the dark web could be dangerous. A malicious actor could take account information from a combolist on the dark web and combine it with personal information from the voter database to steal someone’s identity. There are reportedly 8.7 billion identity related records on the surface, deep, and dark web. That’s one case scenario.

Another scenario: a malicious actor could use account information to pose as someone and sabotage their voter profile which could make it hard or impossible to vote. In New York, changing your voter profile is as easy as resubmitting the registration form with the changed information. The only identity verification the form allows is either a DMV number or the last four digits of a SSN. That kind of information is pretty easily available on the dark web. A few days ago I saw a vendor on Wall St. Market offering a “ten pack” of DMV numbers, SSNs, full names, addresses, and a manual for how to cash out.

Election Meddling is an Increasing Threat

Sabotaging voter profiles en masse would amount to voter suppression—an increasingly concerning threat. Twitter has suspended hundreds of millions of accounts on suspicion of election influence (misinformation, generally). Facebook shut down 32 false pages in August for involvement in a disinformation campaign. Just to name a couple of popular stories. GroupSense sees election meddling a lot. In August of this year, we released the Sharks Report detailing how 9.5 million social accounts and emails were hijacked by Russian operators running a disinformation campaign. The Washington Post covered our research in “The Strange Birth, Death, and Rebirth of a Russian Troll Account called ‘AllforUSA’“. As you can see, most of the time election meddling is driven by social media or digital content–not hacking voting machines.

It’s true, however, that local and federal government have come a long way in securing elections. Numerous protocols are in place to ensure the security of election technology and even to demonstrate its integrity to the public. Some states have instituted multi-factor authentication for government officials across the board. And the Secure Elections Act aims to increase security as well.

Election Monitoring is a Powerful Solution

But there are still basic gaps in election security. Just look at the news stories of election influence. Are hacked voting machines the problem? Not generally. The real problem is misinformation and disinformation campaigns which are waged over social media and chat servers, or campaigns being hacked by credential stuffing tactics (which only work because employees reuse passwords).

Securing voting machines only addresses a small part of the problem. When the problem is credential stuffing and disinformation campaigns, a security solution that makes sense is election monitoring. Actively monitoring social media platforms, chat servers, and the dark web for any suspicious posts or behavior related to a specific election could potentially streamline security spending, reduce response times for incidences, and eliminate numerous threats before they’re realized.

What You Can Do About It

Get in touch with us now to integrate election monitoring into your election security program, or send this blog to someone who can. Fill out our form by clicking “get in touch,” or email us at “marketing@groupsense.io”.

Share this on

Recommended Stories

Contact us

We’re ready to lead you into the future of cyber intelligence.

GroupSense is here to provide you with more information, answer questions and help create an effective solution for your cyber intelligence needs. Whether you’re a potential customer, looking to partner, or a journalist, fill out this form and we’ll make sure the right person reaches out.

Call us

Address

Follow us

Terms and Conditions

INTRODUCTION

These Website Standard Terms and Conditions (these “Terms” or these “Website Standard Terms and Conditions”) contained herein on this webpage, shall govern your use of this website, including all pages within this website (collectively referredto herein below as this “Website”). These Terms apply in full force and effect to youruse of this Website and by using this Website, you expressly accept all terms and conditions contained herein in full. You must not use this Website, if you have any objection to any of these Website Standard Terms and Conditions.
This Website is not for use by any minors (defined as those who are not at least 18 years of age), and you must not use this Website if you a minor.

INTELLECTUAL PROPERTY RIGHTS

Other than content you own, which you may have opted to include on this Website, under these Terms, GroupSense and/or its licensors own all rights to the intellectual property and material contained in this Website, and all such rights are reserved.
You are granted a limited license only, subject to the restrictions provided in these Terms, for purposes of viewing the material contained on this Website,

RESTRICTIONS

You are expressly and emphatically restricted from all of the following:

4. Using this Website in any way that is, or may be, damaging to this Website;

5. Using this Website in any way that impacts user access to this Website;

6. Using this Website contrary to applicable laws and regulations, or in a way
that causes, or may cause, harm to the Website, or to any person or business
entity;

7. Engaging in any data mining, data harvesting, data extracting or any other
similar activity in relation to this Website, or while using this Website;

8. Using this Website to engage in any advertising or marketing;

Certain areas of this Website are restricted from access by you and GroupSense may further restrict access by you to any areas of this Website, at any time, in its sole and absolute discretion. Any user ID and password you may have for this Website are confidential and you must maintain confidentiality of such information.

YOUR CONTENT

In these Website Standard Terms and Conditions, “Your Content” shall mean any audio, video, text, images or other material you choose to display on this Website. With respect to Your Content, by displaying it, you grant GroupSense a non-exclusive, worldwide, irrevocable, royalty-free, sublicensable license to use, reproduce, adapt, publish, translate and distribute it in any and all media. Your Content must be your own and must not be infringing on any third party’s
rights. GroupSense reserves the right to remove any of Your Content from this Website at any time, and for any reason, without notice.

NO WARRANTIES

This Website is provided “as is,” with all faults, and GroupSense makes no express or implied representations or warranties, of any kind related to this Website or the materials contained on this Website. Additionally, nothing contained on this Website shall be construed as providing consult or advice to you.

LIMITATION OF LIABILITY

In no event shall GroupSense, nor any of its officers, directors and employees, be liable to you for anything arising out of or in any way connected with your use of this Website, whether such liability is under contract, tort or otherwise, and GroupSense, including its officers, directors and employees shall not be liable for any indirect, consequential or special liability arising out of or in any way related to your use of this Website.

INDEMINIFICATION

You hereby indemnify to the fullest extent GroupSense from and against any and all liabilities, costs, demands, causes of action, damages and expenses (including reasonable attorney’s fees) arising out of or in any way related to your breach of any of the provisions of these Terms.

SEVERABILITY

If any provision of these Terms is found to be unenforceable or invalid under any applicable law, such unenforceability or invalidity shall not render these Terms unenforceable or invalid as a whole, and such provisions shall be deleted without affecting the remaining provisions herein.

VARIATION OF TERMS

GroupSense is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review such Terms on a regular basis to ensure you understand all terms and conditions governing use of this Website.

ASSIGNMENT

GroupSense shall be permitted to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification or consent required. However, you shall not be permitted to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.

ENTIRE AGREEMENT

These Terms, including any legal notices and disclaimers contained on this Website, constitute the entire agreement between GroupSense and you in relation to your use of this Website, and supersede all prior agreements and understandings with respect to the same.

GOVERNING LAW AND JURISDICTION

These Terms will be governed by and construed in accordance with the laws of the State of Virginia, and you submit to the non-exclusive jurisdiction of the state and federal courts located in Virginia for the resolution of any disputes.
​

Privacy Policy

THIRD-PARTY WEBSITES

The Site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, youshould inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

SECURITY OF YOUR INFORMATION

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and nomethod of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. If you set the DNT signal on your browser, we will respond to such DNT browser signals.

CALIFIORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendaryear. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information
provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data nay not be completely or comprehensively removed from our systems.

CONTACT US

If you have questions or comments about this Privacy Policy, please contact us at: